fix: Adjust issues' titles in tests
afsmeira committed Nov 27, 2024
1 parent 5559323 commit 3c2cac1
Showing 4 changed files with 66 additions and 66 deletions.
8 changes: 4 additions & 4 deletions docs/multiple-tests/all-patterns/results.xml
@@ -18,25 +18,25 @@
<error
source="vulnerability_medium"
line="1"
message="Insecure dependency org.apache.logging.log4j:log4j-core:2.17.0 (CVE-2021-44832: log4j-core: remote code execution via JDBC Appender) (update to 2.17.1)"
message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2021-44832: log4j-core: remote code execution via JDBC Appender) (update to 2.17.1)"
severity="warning"
/>
<error
source="vulnerability"
line="2"
message="Insecure dependency org.apache.dolphinscheduler:dolphinscheduler-task-api:3.2.1 (CVE-2024-43202: Apache Dolphinscheduler Code Injection vulnerability) (update to 3.2.2)"
message="Insecure dependency maven/org.apache.dolphinscheduler/dolphinscheduler-task-api@3.2.1 (CVE-2024-43202: Apache Dolphinscheduler Code Injection vulnerability) (update to 3.2.2)"
severity="error"
/>
<error
source="vulnerability"
line="3"
message="Insecure dependency org.apache.seatunnel:seatunnel:1.0.0 (CVE-2023-49198: Apache SeaTunnel SQL Injection vulnerability) (update to 1.0.1)"
message="Insecure dependency maven/org.apache.seatunnel/seatunnel@1.0.0 (CVE-2023-49198: Apache SeaTunnel SQL Injection vulnerability) (update to 1.0.1)"
severity="error"
/>
<error
source="vulnerability_minor"
line="4"
message="Insecure dependency org.apache.cxf:cxf-rt-transports-http:4.0.0 (CVE-2024-41172: apache: cxf: org.apache.cxf:cxf-rt-transports-http: unrestricted memory consumption in CXF HTTP clients) (update to 4.0.5)"
message="Insecure dependency maven/org.apache.cxf/cxf-rt-transports-http@4.0.0 (CVE-2024-41172: apache: cxf: org.apache.cxf:cxf-rt-transports-http: unrestricted memory consumption in CXF HTTP clients) (update to 4.0.5)"
severity="info"
/>
</file>
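Review bot: The CXF entry's expected message now names the package in two notations, `maven/org.apache.cxf/cxf-rt-transports-http@4.0.0` as the identifier and `org.apache.cxf:cxf-rt-transports-http` inside the advisory title, and nothing in the fixture says which part is the identifier. The `message` attribute is the only place these entries carry the package, version, advisory id and fix version, so I would document its layout once near the top of the file, which starts outside this hunk. Something like `<!-- message: "Insecure dependency <ecosystem>/<package>@<version> (<advisory id>: <advisory title, verbatim>) (update to <fixed version>)" -->` would tell a reader to anchor on the text before the first ` (` and to treat the parenthesised title as upstream wording. The same comment would help in docs/multiple-tests/pattern-vulnerability-medium/results.xml.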
56 changes: 28 additions & 28 deletions docs/multiple-tests/pattern-vulnerability-medium/results.xml
@@ -4,74 +4,74 @@
<error
source="vulnerability_medium"
line="7"
message="Insecure dependency golang.org/x/[email protected] (CVE-2023-44487: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)) (update to 0.17.0)"
message="Insecure dependency golang/golang.org/x/[email protected] (CVE-2023-44487: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)) (update to 0.17.0)"
severity="warning"
/>
<error
source="vulnerability_medium"
line="7"
message="Insecure dependency golang.org/x/[email protected] (CVE-2023-45288: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS) (update to 0.23.0)"
message="Insecure dependency golang/golang.org/x/[email protected] (CVE-2023-45288: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS) (update to 0.23.0)"
severity="warning"
/>
<!-- stdlib -->
<error
source="vulnerability_medium"
line="3"
message="Insecure dependency [email protected] (CVE-2023-39326: golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests) (update to 1.20.12)"
message="Insecure dependency golang/[email protected] (CVE-2023-39326: golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests) (update to 1.20.12)"
severity="warning"
/>
<error
source="vulnerability_medium"
line="3"
message="Insecure dependency [email protected] (CVE-2024-24791: net/http: Denial of service due to improper 100-continue handling in net/http) (update to 1.21.12)"
message="Insecure dependency golang/[email protected] (CVE-2024-24791: net/http: Denial of service due to improper 100-continue handling in net/http) (update to 1.21.12)"
severity="warning"
/>
<error
source="vulnerability_medium"
line="3"
message="Insecure dependency [email protected] (CVE-2023-45289: golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect) (update to 1.21.8)"
message="Insecure dependency golang/[email protected] (CVE-2023-45289: golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect) (update to 1.21.8)"
severity="warning"
/>
<error
source="vulnerability_medium"
line="3"
message="Insecure dependency [email protected] (CVE-2023-45290: golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm) (update to 1.21.8)"
message="Insecure dependency golang/[email protected] (CVE-2023-45290: golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm) (update to 1.21.8)"
severity="warning"
/>
<error
source="vulnerability_medium"
line="3"
message="Insecure dependency [email protected] (CVE-2024-24783: golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm) (update to 1.21.8)"
message="Insecure dependency golang/[email protected] (CVE-2024-24783: golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm) (update to 1.21.8)"
severity="warning"
/>
<error
source="vulnerability_medium"
line="3"
message="Insecure dependency [email protected] (CVE-2024-24784: golang: net/mail: comments in display names are incorrectly handled) (update to 1.21.8)"
message="Insecure dependency golang/[email protected] (CVE-2024-24784: golang: net/mail: comments in display names are incorrectly handled) (update to 1.21.8)"
severity="warning"
/>
<error
source="vulnerability_medium"
line="3"
message="Insecure dependency [email protected] (CVE-2024-24785: golang: html/template: errors returned from MarshalJSON methods may break template escaping) (update to 1.21.8)"
message="Insecure dependency golang/[email protected] (CVE-2024-24785: golang: html/template: errors returned from MarshalJSON methods may break template escaping) (update to 1.21.8)"
severity="warning"
/>
<error
source="vulnerability_medium"
line="3"
message="Insecure dependency [email protected] (CVE-2024-24789: golang: archive/zip: Incorrect handling of certain ZIP files) (update to 1.21.11)"
message="Insecure dependency golang/[email protected] (CVE-2024-24789: golang: archive/zip: Incorrect handling of certain ZIP files) (update to 1.21.11)"
severity="warning"
/>
<error
source="vulnerability_medium"
line="3"
message="Insecure dependency [email protected] (CVE-2024-34155: go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion) (update to 1.22.7)"
message="Insecure dependency golang/[email protected] (CVE-2024-34155: go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion) (update to 1.22.7)"
severity="warning"
/>
<error
source="vulnerability_medium"
line="3"
message='Insecure dependency [email protected] (CVE-2024-34158: go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion) (update to 1.22.7)'
message='Insecure dependency golang/[email protected] (CVE-2024-34158: go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion) (update to 1.22.7)'
severity="warning"
/>
</file>
@@ -80,7 +80,7 @@
<error
source="vulnerability_medium"
line="1"
message="Insecure dependency org.apache.logging.log4j:log4j-core:2.17.0 (CVE-2021-44832: log4j-core: remote code execution via JDBC Appender) (update to 2.17.1)"
message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2021-44832: log4j-core: remote code execution via JDBC Appender) (update to 2.17.1)"
severity="warning"
/>
</file>
@@ -89,7 +89,7 @@
<error
source="vulnerability_medium"
line="14"
message="Insecure dependency org.apache.logging.log4j:log4j-core:2.17.0 (CVE-2021-44832: log4j-core: remote code execution via JDBC Appender) (update to 2.17.1)"
message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2021-44832: log4j-core: remote code execution via JDBC Appender) (update to 2.17.1)"
severity="warning"
/>
</file>
@@ -98,13 +98,13 @@
<error
source="vulnerability_medium"
line="14"
message="Insecure dependency [email protected] (CVE-2020-28168: nodejs-axios: allows an attacker to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address) (update to 0.21.1)"
message="Insecure dependency npm/[email protected] (CVE-2020-28168: nodejs-axios: allows an attacker to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address) (update to 0.21.1)"
severity="warning"
/>
<error
source="vulnerability_medium"
line="14"
message="Insecure dependency [email protected] (CVE-2023-45857: axios: exposure of confidential data stored in cookies) (update to 0.28.0)"
message="Insecure dependency npm/[email protected] (CVE-2023-45857: axios: exposure of confidential data stored in cookies) (update to 0.28.0)"
severity="warning"
/>
</file>
@@ -113,13 +113,13 @@
<error
source="vulnerability_medium"
line="5"
message="Insecure dependency [email protected] (CVE-2020-28168: nodejs-axios: allows an attacker to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address) (update to 0.21.1)"
message="Insecure dependency npm/[email protected] (CVE-2020-28168: nodejs-axios: allows an attacker to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address) (update to 0.21.1)"
severity="warning"
/>
<error
source="vulnerability_medium"
line="5"
message="Insecure dependency [email protected] (CVE-2023-45857: axios: exposure of confidential data stored in cookies) (update to 0.28.0)"
message="Insecure dependency npm/[email protected] (CVE-2023-45857: axios: exposure of confidential data stored in cookies) (update to 0.28.0)"
severity="warning"
/>
</file>
@@ -128,13 +128,13 @@
<error
source="vulnerability_medium"
line="131"
message="Insecure dependency [email protected] (CVE-2023-32681: python-requests: Unintended leak of Proxy-Authorization header) (update to 2.31.0)"
message="Insecure dependency pypi/[email protected] (CVE-2023-32681: python-requests: Unintended leak of Proxy-Authorization header) (update to 2.31.0)"
severity="warning"
/>
<error
source="vulnerability_medium"
line="131"
message="Insecure dependency [email protected] (CVE-2024-35195: requests: subsequent requests to the same host ignore cert verification) (update to 2.32.0)"
message="Insecure dependency pypi/[email protected] (CVE-2024-35195: requests: subsequent requests to the same host ignore cert verification) (update to 2.32.0)"
severity="warning"
/>
</file>
@@ -143,13 +143,13 @@
<error
source="vulnerability_medium"
line="2"
message="Insecure dependency [email protected] (CVE-2023-32681: python-requests: Unintended leak of Proxy-Authorization header) (update to 2.31.0)"
message="Insecure dependency pypi/[email protected] (CVE-2023-32681: python-requests: Unintended leak of Proxy-Authorization header) (update to 2.31.0)"
severity="warning"
/>
<error
source="vulnerability_medium"
line="2"
message="Insecure dependency [email protected] (CVE-2024-35195: requests: subsequent requests to the same host ignore cert verification) (update to 2.32.0)"
message="Insecure dependency pypi/[email protected] (CVE-2024-35195: requests: subsequent requests to the same host ignore cert verification) (update to 2.32.0)"
severity="warning"
/>
</file>
@@ -158,19 +158,19 @@
<error
source="vulnerability_medium"
line="4"
message="Insecure dependency [email protected] (CVE-2023-40175: rubygem-puma: HTTP request smuggling when parsing chunked transfer encoding bodies and zero-length content-length headers) (update to ~> 5.6.7, >= 6.3.1)"
message="Insecure dependency gem/[email protected] (CVE-2023-40175: rubygem-puma: HTTP request smuggling when parsing chunked transfer encoding bodies and zero-length content-length headers) (update to ~> 5.6.7, >= 6.3.1)"
severity="warning"
/>
<error
source="vulnerability_medium"
line="4"
message="Insecure dependency [email protected] (CVE-2024-21647: rubygem-puma: HTTP request smuggling when parsing chunked Transfer-Encoding Bodies) (update to ~> 5.6.8, >= 6.4.2)"
message="Insecure dependency gem/[email protected] (CVE-2024-21647: rubygem-puma: HTTP request smuggling when parsing chunked Transfer-Encoding Bodies) (update to ~> 5.6.8, >= 6.4.2)"
severity="warning"
/>
<error
source="vulnerability_medium"
line="4"
message="Insecure dependency [email protected] (CVE-2024-45614: rubygem-puma: Header normalization allows for client to clobber proxy set headers) (update to ~> 5.6.9, >= 6.4.3)"
message="Insecure dependency gem/[email protected] (CVE-2024-45614: rubygem-puma: Header normalization allows for client to clobber proxy set headers) (update to ~> 5.6.9, >= 6.4.3)"
severity="warning"
/>
</file>
@@ -179,7 +179,7 @@
<error
source="vulnerability_medium"
line="1"
message="Insecure dependency [email protected] (GHSA-xmrp-424f-vfpx: SQLx Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts) (update to 0.8.1)"
message="Insecure dependency cargo/[email protected] (GHSA-xmrp-424f-vfpx: SQLx Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts) (update to 0.8.1)"
severity="warning"
/>
</file>
@@ -188,7 +188,7 @@
<error
source="vulnerability_medium"
line="13"
message="Insecure dependency com.twitter:twitter-server_2.12:20.10.0 (CVE-2020-35774: TwitterServer Cross-site Scripting via /histograms endpoint) (update to 20.12.0)"
message="Insecure dependency maven/com.twitter/twitter-server_2.12@20.10.0 (CVE-2020-35774: TwitterServer Cross-site Scripting via /histograms endpoint) (update to 20.12.0)"
severity="warning"
/>
</file>
@@ -197,7 +197,7 @@
<error
source="vulnerability_medium"
line="67"
message="Insecure dependency github.com/apple/[email protected] (CVE-2023-44487: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)) (update to 1.28.0)"
message="Insecure dependency swift/github.com/apple/[email protected] (CVE-2023-44487: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)) (update to 1.28.0)"
severity="warning"
/>
</file>
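Review bot: Every expected title in this file changes its leading package identifier: an ecosystem prefix (`golang/`, `maven/`, `npm/`, `pypi/`, `gem/`, `cargo/`, `swift/`) is added, and the Maven `group:artifact:version` form becomes `maven/group/artifact@version`. The title is the only field here that identifies the package, so anything keyed on the old text, such as ignore rules or de-duplication of already-triaged findings, would presumably stop matching once the tool emits the new form. The fixture cannot show whether such consumers exist. If they do, the commit description should say so, for example `Issue titles now use <ecosystem>/<package>@<version>; rules matching the old titles need updating.`, so that previously suppressed findings reappearing is expected rather than mistaken for new exposure.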